Tuesday, July 06, 2021

10 Steps To Cybersecurity

 

This guidance is designed to help organizations protect themselves in cyberspace. It breaks down the task of defending your networks, systems and information into its essential components, providing advice on how to achieve the best possible security in each of these areas.
To learn more about all the options available to you for meeting your organization’s data protection and network security requirements, including security posture and risk assessments (https://youtu.be/n2zZjsQVZIs), plus comparisons of best-in-class network security / management providers and what they have to offer, simply ask us at the following link (FREE). It’s as easy as 1, 2, 3.


Wednesday, June 09, 2021

FROM THE FRONT LINES OF CYBER WARFARE

 


Just another breach.  We’ve heard about a lot of breaches, more records lost, and we’re getting numb to it.  But in this post, we highlight why December 2020 is a watershed moment in Cybersecurity.  We’ve officially entered the 21st Century game of cyberwarfare. We’ve always talked about the importance of Cybersecurity, and now we’ve been hit in the face. Hard. It may take months to years to discover the depth of penetration, and all along – the Attackers will have already moved on, using different tools, techniques, and circumventing our defenses.

The implications of this moment are simple: we get serious about Cybersecurity, right now, or we wave the flag of surrender. We do the former with focus and budget; with the latter, we simply let our systems, networks, data, and e-commerce be “owned.” Cyber insurance isn’t going to come in on a white horse to save the day, or your business, or our country. The only thing that will work is to accept the reality that this is warfare. Adopt the posture of a warrior, focus your budget, amass your tools, and step up your game.

No, Cybersecurity isn’t easy, and dealing with the seriousness of this breach will significantly burden every enterprise and government agency. But the threat model has changed, and so should your behavior.

CRITICAL BREACHES HAVE CHANGED THE GAME: GAME ON.

Situation Report: FireEye, SolarWinds, and the Departments of Treasury, Commerce, and Homeland Security all announced critical breaches in December 2020. It’s early in the game, but by all reports, it appears to have been executed by a nation-state actor. Intellectual property stolen, footholds planted, depth-of-exposure, and penetration completely unknown. The Intelligence Community (IC) is calling this the largest, most significant cyber-attack in United States history. The Actors are bold, hostile, intentional, methodical, and now in command of more advanced, customized attack toolkits.

Observations: To put the new and alarming situation into more context, let’s examine each element with a bit of a sharper lens:

  • FireEye (FE): an industry-leading threat intelligence, forensics, network, and endpoint security company was breached. FireEye/Mandiant has been called to work on the highest-profile breaches in the world. This is what we know as of early December 2020:
    • FE says a 15-year collection of “Red Team Attack Toolkits” was stolen by the nation-state actor (FE will not provide attribution, but all indicators point to Russia).
    • This means techniques, custom evasion tools and frameworks, and defensive capability information are now in the hands of this nation-state actor.
    • FE has been forthcoming and helpful to the defender community, providing signatures, rules, a repository of information, and regular communication.
    • FE customers are not in increased danger, and are likely better protected by the new detection updates FE is applying to its products.
  • SolarWinds (SW): an industry-leading IT management toolset, offering full control, monitoring, and remote administration capabilities of network and host infrastructure within customers’ environments.
    • The supply chain was compromised; a backdoor was planted into a download update for their “Orion” software on the official SolarWinds update site.
    • SW states that 18,000 systems (i.e., customers) were affected during March-June of 2020.
      • SW has 300,000 customers, so it’s fair to assume more exposure is TBA.
    • Due to severity, the Department of Homeland Security (DHS) issued an emergency notification to all Federal departments to disconnect SolarWinds from networks.
  • US Departments of Treasury, Commerce, and other critical Federal agencies
    • Multiple reports with confirmed sources announced these and other agencies, technology, consulting, and other industry firms had been breached.
    • SolarWinds was the entry point, confirmed by FireEye.
    • Attack behaviors strongly indicate Cozy Bear, a nickname for a Russian foreign intelligence service group that also attacked the State Department and White House systems during the Obama administration.
    • “Ongoing active exploitation.” The DHS warning included this language with SolarWinds as the foothold. Other systems and agencies are compromised for remote surveillance and potential sabotage.

Recommendations:

  • Perform a risk assessment. The threat landscape has changed significantly, and so should the threat model. Expect to increase your budget and take this threat seriously.
  • Implement and/or enhance an enterprise-wide Cybersecurity framework.
    • It doesn’t need to be complex; use consultants to make this practical.
  • Increase threat monitoring, management, response, and hunt capabilities.
  • Increase vigilance across all sectors, industries, and internet-attached systems.

Conclusion:

The Threat landscape has changed significantly. In all sectors, all enterprises are now on serious notice to increase their security posture, and accordingly, their budgets. This bold attack against the United States and commercial entities has yielded a significant advantage to our adversaries. FireEye, known for actively tracking, reporting, and combatting nation-state actors, investigating the top breaches, was a prized target. This clearly shows the increased hostile nature of cyberwarfare. This successful attack against a prestigious Cybersecurity firm led to the theft of vital intellectual property, a collection of the most advanced, customized cyber weaponry, coupled with defense-evasion information. This is a devastating loss in the game of cyberwarfare.

Game On. We will undoubtedly see many more enterprises compromised because of both the information from the FireEye breach, as it trickles out or becomes part of an active campaign in the future, and the footholds with “ongoing active exploitation” already established by the SolarWinds backdoor. It is smart to assume proactively that any organization that owns Orion is compromised, and not just the SolarWinds platform, but also the systems under SW management (entire networks, servers, workstations, etc.). Although this is recognizably a non-trivial step, disconnecting Orion from the Internet must be a top priority until the fog clears. Seek guidance on patch vs. flatten. If you don’t know, ask somebody. The same goes for advanced Threat hunting.

Convene a senior leadership meeting to be smart, clear-eyed, and proactive in your approach. Update your threat models and prioritize your risks based upon criticality. Contain and mitigate the SolarWinds threat, assume compromise, increase Threat hunting and management, and refine your strategy with a framework. Finally, adopt a framework with a continuous improvement mindset, as it’s the only way to be adaptive, resilient, budget-smart, and able to withstand the realities of this 21st Century game.



Sunday, March 07, 2021

How To Buy Cybersecurity Solutions

 

So, you want to buy a Cybersecurity solution. What is the problem you are trying to solve? Is it a point problem or a more significant issue? How did you decide this “problem” is the priority? Most organizations remain mired in tactical warfare – reactively managing tools, putting out fires, and this is their Cybersecurity program. They decide what “problem” to budget for when a tool loses utility or an expert tells them they need something to fix a problem. But if you don’t adopt and implement a Framework to support your Cybersecurity strategy, then all you have is a mission statement.  You will remain stuck in tactical warfare, reacting to the latest industry and internal noise, buying more tools to solve problems when what you need is a strategy.  

Organizations of all sizes continue to get breached. Millions of dollars get paid in ransomware per incident, nation-states keep the upper hand, and organized crime gets away with cash and a laugh. What can we really learn? That we need to adopt a mindset of resiliency. A resilient enterprise accepts the reality of a breach and builds “solutions” to rapidly detect, respond to, eradicate, and recover from a compromise. Containment is key. Detection is the lynchpin. If you stay down in the weeds, managing the firewalls and other security infrastructure, chasing vulnerabilities, and patching, then you are going to remain in reactive mode, missing the real Threat Actors. 

Let’s get out of the weeds and get serious. The real problems to solve are a lack of time and a lack of focus. Frameworks deliver both. Be proactive and choose a Framework carefully, ensuring it matches the context and culture of the organization. CIS Security Controls, SANS Top 20, NIST, ISO, and others are excellent choices, but for the right environment!  Choose wisely, start simple, establish the basics, and then you have a baseline to measure from and build upon. Implement a continuous improvement mindset, and the Cybersecurity program becomes a resilient, dynamic, adaptive ecosystem to keep pace with the evolving threat landscape. Exceptional brainpower is required to select a Framework and deploy the right “solutions” to build this capability. This is the right use of your team’s time, not managing security tools.  

 Stop paying organized crime and instead pay the good guys, increase security budgets, and invest in your own army to defend and defeat the bad actors. Be realistic that you and your teams can’t do it alone. It’s not practical, feasible, or even attainable. Leverage Service Providers to get scale and efficiency and act as your force multiplier. For a fraction of the cost of more security staff, you’re getting consistent, SLA-bound performance and a dependable function from a 24×7 operation of dedicated experts. Of course, you must choose a vendor carefully, but when you do – what you’re buying is Time – precious time for your team.    

The best use of a Cybersecurity professional’s talents is deep-thinking projects on business and IT initiatives, not managing tools. These include Cloud adoption, Data protection, advanced Threat Hunting, establishing reference architectures, evaluating emerging technologies, design reviews, and improving the Cybersecurity program. This is how you shift the organization into a proactive, resilient mode. Hold the Service Providers accountable for routine cybersecurity functions traditionally delivered by tools but now consumed as a service. The output of those services is refined feedback for your Security experts to make more informed decisions about the Cybersecurity program.

Buying Cybersecurity the right way means you start with a risk analysis. Ideally, this includes current, informed, and mature Threat modeling. This is only the beginning, as it ought to be an iterative process. Risks change over time, and so should the analysis. This defines the strategy, and then a Framework should be chosen, championed, and deployed, which puts the strategy in motion. Choose carefully! It will be the foundation for your Cybersecurity program, and early success is vital to adoption and continued support. Being overly ambitious, draconian, or failing to consider the culture of the enterprise is the perfect recipe for failure. But establishing a proactive, adaptive program built upon a Framework delivers resilience to the 21st-century enterprise.

The recent FireEye and SolarWinds storylines give all of us a serious wake-up call to the reality of 21st-century cyber warfare, as it is much more than a “yet another breach” story. Your enterprise depends on IT to deliver services, orders, goods, obtain revenue, and you are connected to the Internet. Accept that you are a breach soon to happen because this is the new reality. Adopt a Framework to deliver a risk-informed, adaptive Cybersecurity posture.       

That’s the essence of Cyber resilience. Focus on better Threat Hunting, data protection, Incident Response, and continuous improvement. Make informed decisions from the output of tools and buy it as a service, which is a much more effective use of time than managing tools. Let experts manage the tools, thereby enabling your experts to focus on the tools’ information to see the bigger threat picture.      

Think holistically across the enterprise and silos. Establish a reference architecture built upon a Framework. Increase budgets to shift from a reactive to proactive posture using the scale and expertise of Service Providers for all the basics. Focus your team’s efforts towards more advanced, sorely needed areas where you can best use their excellent brainpower.     

Buy time for your team. That’s the solution to your Cybersecurity problem. 


To learn more about all the options available to you for meeting your organization’s data protection and network security requirements (including security posture and risk assessments, and awareness training and employee education programs), plus comparisons of 100s of best-in-class network security / cybersecurity providers and what they have to offer, simply ask us at Network Security Solutions. It’s as easy as 1, 2, 3.


Wednesday, December 02, 2020

Is It Better To Outsource Security Or Handle Security In House?

Is it better to handle your IT security in-house, or is it more effective to outsource security operations? In all honesty, there are advantages and disadvantages to both approaches. Neither option is perfect, but either one can be effective under the right circumstances. So let’s take a look at the pros and cons of both approaches.
Ultimately, there is no such thing as a perfect security solution--whether you host it yourself or whether you outsource security. Many organizations have found that the best way to keep themselves secure is to use a combination of both types of solutions.

Tuesday, November 10, 2020

5 Steps To Proper Enterprise Data Protection

If enterprises want to protect sensitive information, they need to implement an effective enterprise data protection system. Read more here....

Friday, November 06, 2020

Everything You Need To Know About 5G Business Security

Now's the time to explore both 5G benefits and 5G security risks for business before you unleash the full power of 5G on your business. Read on for more.....

Friday, September 11, 2020

Cloud vs On-Premise....Striking A Balance On Security

The balance between on-premise and cloud infrastructure should be tailored to an organization’s needs at any given time. It should mirror an organization’s risk appetite and its business imperative. Furthermore, better standards for encryption and engineering, underpinned by the latest legislation, are needed on a universal scale.

Tuesday, February 18, 2020

Finally, An Easy, Affordable, And Automated Security Assessment

Listen to this interview with David Burgeson, the COO of Renaissance Systems Inc. (RSI). RSI provides network security assessments that are carrier-agnostic. Learn everything you need to know in this brief interview.

To learn more about all the options available to you for meeting your organization’s data protection and network security requirements, including security assessments from RSI, plus comparisons of top tier network security providers and what they have to offer, simply ask us at the following link (FREE). It’s as easy as 1, 2, 3.


Monday, September 09, 2019

Finally, An Easy, Affordable, And Automated Security Assessment

Listen to this interview with David Burgeson, the COO of Renaissance Systems Inc. (RSI). RSI provides network security assessments that are carrier-agnostic. Learn everything you need to know in this brief interview.
